Posted to commits@tomee.apache.org by db...@apache.org on 2008/03/24 22:48:22 UTC
svn commit: r640595 - in /openejb/branches/openejb-3.0/container:
openejb-core/src/main/java/org/apache/openejb/assembler/classic/
openejb-core/src/main/java/org/apache/openejb/core/security/
openejb-core/src/main/java/org/apache/openejb/core/security/...
Author: dblevins
Date: Mon Mar 24 14:48:10 2008
New Revision: 640595
URL: http://svn.apache.org/viewvc?rev=640595&view=rev
Log:
Merging r640283 - http://svn.apache.org/viewvc?rev=640283&view=rev
svn merge -r 640282:640283 https://svn.apache.org/repos/asf/openejb/trunk/openejb3 .
------------------------------------------------------------------------
r640283 | dblevins | 2008-03-23 18:09:39 -0700 (Sun, 23 Mar 2008) | 2 lines
Security annotation inheritance
------------------------------------------------------------------------
Added:
openejb/branches/openejb-3.0/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java
- copied unchanged from r640283, openejb/trunk/openejb3/container/openejb-core/src/test/java/org/apache/openejb/core/stateful/StatefulSecurityPermissionsTest.java
Modified:
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java
openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java
openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/JaccPermissionsBuilder.java Mon Mar 24 14:48:10 2008
@@ -19,6 +19,9 @@
import org.apache.openejb.DeploymentInfo;
import org.apache.openejb.InterfaceType;
import org.apache.openejb.OpenEJBException;
+import org.apache.openejb.util.Logger;
+import org.apache.openejb.util.LogCategory;
+import static org.apache.openejb.assembler.classic.MethodInfoUtil.resolveAttributes;
import org.apache.openejb.core.CoreDeploymentInfo;
import javax.security.jacc.EJBMethodPermission;
@@ -33,6 +36,8 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.ArrayList;
+import java.lang.reflect.Method;
/**
* @version $Rev$ $Date$
@@ -65,9 +70,66 @@
}
}
+ private static Logger log = Logger.getInstance(LogCategory.OPENEJB_STARTUP.createChild("attributes"), JaccPermissionsBuilder.class);
public PolicyContext build(EjbJarInfo ejbJar, HashMap<String, DeploymentInfo> deployments) throws OpenEJBException {
+ List<MethodPermissionInfo> normalized = new ArrayList<MethodPermissionInfo>();
+
+ List<MethodPermissionInfo> perms = ejbJar.methodPermissions;
+
+ for (MethodInfo info : ejbJar.excludeList) {
+ MethodPermissionInfo perm = new MethodPermissionInfo();
+ perm.excluded = true;
+ perm.methods.add(info);
+ perms.add(perm);
+ }
+
+ perms = MethodInfoUtil.normalizeMethodPermissionInfos(perms);
+
+ for (DeploymentInfo deploymentInfo : deployments.values()) {
+ Map<Method, MethodAttributeInfo> attributes = resolveAttributes(perms, deploymentInfo);
+
+ if (log.isDebugEnabled()) {
+ for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
+ Method method = entry.getKey();
+ MethodPermissionInfo value = (MethodPermissionInfo) entry.getValue();
+ log.debug("Security Attribute: " + method + " -- " + MethodInfoUtil.toString(value));
+ }
+ }
+
+ for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
+ Method method = entry.getKey();
+
+ MethodPermissionInfo a = (MethodPermissionInfo) entry.getValue();
+ MethodPermissionInfo b = new MethodPermissionInfo();
+ b.excluded = a.excluded;
+ b.unchecked = a.unchecked;
+ b.roleNames.addAll(a.roleNames);
+
+ MethodInfo am = a.methods.get(0);
+ MethodInfo bm = new MethodInfo();
+
+ bm.ejbName = deploymentInfo.getEjbName();
+ bm.ejbDeploymentId = deploymentInfo.getDeploymentID() + "";
+ bm.methodIntf = am.methodIntf;
+
+ bm.className = method.getDeclaringClass().getName();
+ bm.methodName = method.getName();
+ bm.methodParams = new ArrayList<String>();
+ for (Class<?> type : method.getParameterTypes()) {
+ bm.methodParams.add(type.getName());
+ }
+ b.methods.add(bm);
+
+ normalized.add(b);
+ }
+ }
+
+ ejbJar.methodPermissions.clear();
+ ejbJar.methodPermissions.addAll(normalized);
+ ejbJar.excludeList.clear();
+
PolicyContext policyContext = new PolicyContext(ejbJar.moduleId);
for (EnterpriseBeanInfo enterpriseBean : ejbJar.enterpriseBeans) {
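Review bot: The normalization block added at the top of `build` rewrites its input in place: exclude-list entries are appended to `ejbJar.methodPermissions`, which is then cleared and refilled only from beans present in `deployments`, and `ejbJar.excludeList` is emptied. If a bean declared in the jar has no entry in `deployments` (not verifiable from this hunk), its exclusions and role restrictions are dropped without any log line, and what the later per-bean loop does with methods left unassigned is outside the hunk; a warning for permissions that resolve to no deployment would make that case visible. `a.methods.get(0)` also assumes `resolveAttributes` never hands back an info with an empty `methods` list. The new logger field can be declared `private static final Logger log`. `build` continues past the end of the hunk.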
@@ -109,6 +171,7 @@
for (MethodPermissionInfo methodPermission : ejbJar.methodPermissions) {
List<String> roleNames = methodPermission.roleNames;
boolean unchecked = methodPermission.unchecked;
+ boolean excluded = methodPermission.excluded;
for (MethodInfo method : methodPermission.methods) {
@@ -142,6 +205,11 @@
// if this is unchecked, mark it as unchecked; otherwise assign the roles
if (unchecked) {
uncheckedPermissions.add(permission);
+ } else if (excluded) {
+ /**
+ * JACC v1.0 section 3.1.5.2
+ */
+ excludedPermissions.add(permission);
} else {
for (String roleName : roleNames) {
Permissions permissions = (Permissions) rolePermissions.get(roleName);
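Review bot: In the branch chain extended here, `unchecked` is tested before `excluded`, so a `MethodPermissionInfo` carrying both flags would be added to `uncheckedPermissions` and never to `excludedPermissions`. Nothing visible in this commit prevents both flags from being set, and for an authorization decision the denying flag should win: `if (excluded) { excludedPermissions.add(permission); } else if (unchecked) { uncheckedPermissions.add(permission); }`. `MethodInfoUtil.toString(MethodPermissionInfo)` in this commit uses the same order, so the debug output would hide the conflict as well. The exclude-list loop removed in the next hunk also called `cullPermissions(notAssigned, permission)`; whether the code above this `if`, outside the hunk, does that for excluded entries should be confirmed. The section reference reads better as a `//` comment than as a `/** */` block inside a method body.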
@@ -154,35 +222,6 @@
}
}
- }
-
- /**
- * JACC v1.0 section 3.1.5.2
- */
- for (MethodInfo method : ejbJar.excludeList) {
- if (!ejbName.equals(method.ejbName)) {
- continue;
- }
-
- // method name
- String methodName = method.methodName;
- // method interface
- String methodIntf = method.methodIntf;
-
- // method parameters
- String[] methodParams;
- if (method.methodParams != null) {
- List<String> paramList = method.methodParams;
- methodParams = paramList.toArray(new String[paramList.size()]);
- } else {
- methodParams = null;
- }
-
- // create the permission object
- EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
-
- excludedPermissions.add(permission);
- notAssigned = cullPermissions(notAssigned, permission);
}
/**
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodInfoUtil.java Mon Mar 24 14:48:10 2008
@@ -17,6 +17,8 @@
package org.apache.openejb.assembler.classic;
import org.apache.openejb.core.CoreDeploymentInfo;
+import org.apache.openejb.DeploymentInfo;
+import org.apache.openejb.util.Join;
import static java.util.Arrays.asList;
import java.util.Comparator;
@@ -171,6 +173,7 @@
newInfo.methods.add(methodInfo);
newInfo.roleNames.addAll(oldInfo.roleNames);
newInfo.unchecked = oldInfo.unchecked;
+ newInfo.excluded = oldInfo.excluded;
normalized.add(newInfo);
}
@@ -204,7 +207,7 @@
}
- public static Map<Method, MethodAttributeInfo> resolveAttributes(List<? extends MethodAttributeInfo> infos, CoreDeploymentInfo deploymentInfo) {
+ public static Map<Method, MethodAttributeInfo> resolveAttributes(List<? extends MethodAttributeInfo> infos, DeploymentInfo deploymentInfo) {
Map<Method, MethodAttributeInfo> attributes = new LinkedHashMap<Method, MethodAttributeInfo>();
Method[] wildCardView = getWildCardView(deploymentInfo).toArray(new Method[]{});
@@ -251,7 +254,7 @@
return attributes;
}
- private static List<Method> getWildCardView(CoreDeploymentInfo info) {
+ private static List<Method> getWildCardView(DeploymentInfo info) {
List<Method> methods = new ArrayList<Method>();
List<Method> beanMethods = asList(info.getBeanClass().getMethods());
@@ -400,6 +403,43 @@
// Secondary sort
return view(am).ordinal() - view(bm).ordinal();
}
+ }
+
+
+ public static String toString(MethodInfo i) {
+ String s = i.ejbName;
+ s += " : ";
+ s += (i.methodIntf == null) ? "*" : i.methodIntf;
+ s += " : ";
+ s += i.className;
+ s += " : ";
+ s += i.methodName;
+ s += "(";
+ if (i.methodParams != null) {
+ s += Join.join(", ", i.methodParams);
+ } else {
+ s += "*";
+ }
+ s += ")";
+ return s;
+ }
+
+ public static String toString(MethodPermissionInfo i) {
+ String s = toString(i.methods.get(0));
+ if (i.unchecked){
+ s += " Unchecked";
+ } else if (i.excluded){
+ s += " Excluded";
+ } else {
+ s += " " + Join.join(", ", i.roleNames);
+ }
+ return s;
+ }
+
+ public static String toString(MethodTransactionInfo i) {
+ String s = toString(i.methods.get(0));
+ s += " " + i.transAttribute;
+ return s;
}
}
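Review bot: `toString(MethodPermissionInfo)` and `toString(MethodTransactionInfo)` call `i.methods.get(0)` without checking the list, so an info with no methods throws `IndexOutOfBoundsException` from what is only a debug-logging helper, and any entry after the first is left out of the output. A guard on `i.methods.isEmpty()` that returns a placeholder string keeps a logging call from aborting deployment. The three public overloads have no Javadoc; a one-line comment stating the output format (`ejbName : intf : class : method(params)` followed by `Unchecked`, `Excluded` or the role list) would help whoever reads the startup log.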
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodPermissionInfo.java Mon Mar 24 14:48:10 2008
@@ -16,6 +16,8 @@
*/
package org.apache.openejb.assembler.classic;
+import org.apache.openejb.util.Join;
+
import java.util.List;
import java.util.ArrayList;
@@ -23,6 +25,7 @@
public String description;
public final List<String> roleNames = new ArrayList<String>();
+ public boolean excluded;
public boolean unchecked;
}
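Review bot: The new `excluded` field has no comment, and together with `unchecked` and `roleNames` it lets one object express contradictory states (excluded and unchecked, or excluded with roles). A comment such as `// true when the method is on the exclude-list; carries no roles and should not be combined with unchecked` would record the intended invariant; confirm that wording against the descriptor rules before adding it. The `Join` import added in the hunk above is not used by any line visible in this file's hunks.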
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/assembler/classic/MethodTransactionBuilder.java Mon Mar 24 14:48:10 2008
@@ -51,6 +51,15 @@
Map<Method, MethodAttributeInfo> attributes = resolveAttributes(methodTransactionInfos, deploymentInfo);
+ Logger log = Logger.getInstance(LogCategory.OPENEJB_STARTUP.createChild("attributes"), MethodTransactionBuilder.class);
+ if (log.isDebugEnabled()) {
+ for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
+ Method method = entry.getKey();
+ MethodPermissionInfo value = (MethodPermissionInfo) entry.getValue();
+ log.debug("Transaction Attribute: " + method + " -- " + MethodInfoUtil.toString(value));
+ }
+ }
+
for (Map.Entry<Method, MethodAttributeInfo> entry : attributes.entrySet()) {
MethodTransactionInfo value = (MethodTransactionInfo) entry.getValue();
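Review bot: The debug loop casts each entry to `MethodPermissionInfo`, but the loop directly below casts the same map's values to `MethodTransactionInfo`, so this looks copied from `JaccPermissionsBuilder` and would throw `ClassCastException` as soon as debug logging is enabled for this category. The line should read `MethodTransactionInfo value = (MethodTransactionInfo) entry.getValue();`, which resolves to the `MethodInfoUtil.toString(MethodTransactionInfo)` overload added in this commit. No hunk shown for this file adds imports for `Logger` or `LogCategory`, so check they are already present, and the logger can be a `private static final` field instead of being looked up on every call. The enclosing method starts and ends outside the hunk.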
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/AbstractSecurityService.java Mon Mar 24 14:48:10 2008
@@ -66,7 +66,11 @@
private String realmName = "PropertiesLogin";
public AbstractSecurityService() {
- System.setProperty(JaccProvider.class.getName(), BasicJaccProvider.class.getName());
+ this(BasicJaccProvider.class.getName());
+ }
+
+ public AbstractSecurityService(String jaccProvider) {
+ System.setProperty(JaccProvider.class.getName(), jaccProvider);
installJacc();
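Review bot: The new `AbstractSecurityService(String jaccProvider)` constructor writes its argument straight into a system property, which is process-global, so whatever reads it (presumably `installJacc()`, not shown) will treat that class name as the authorization provider for the whole JVM. A `null` argument fails inside `System.setProperty` with a bare `NullPointerException`; an explicit check such as `if (jaccProvider == null) throw new IllegalArgumentException("jaccProvider is required");` gives a clearer failure. A Javadoc line stating that the value is a fully qualified provider class name and must come from trusted configuration would make the contract explicit. The constructor body continues past the end of the hunk.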
@@ -77,7 +81,6 @@
SystemInstance.get().setComponent(BasicPolicyConfiguration.RoleResolver.class, this);
}
-
public String getRealmName() {
return realmName;
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java Mon Mar 24 14:48:10 2008
@@ -17,8 +17,8 @@
package org.apache.openejb.core.security;
import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler;
+import org.apache.openejb.core.security.jacc.BasicJaccProvider;
import org.apache.openejb.util.ConfUtils;
-import org.apache.openejb.util.URLs;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
@@ -31,7 +31,13 @@
* @version $Rev$ $Date$
*/
public class SecurityServiceImpl extends AbstractSecurityService {
+
public SecurityServiceImpl() {
+ this(BasicJaccProvider.class.getName());
+ }
+
+ public SecurityServiceImpl(String jaccProviderClass) {
+ super(jaccProviderClass);
installJaas();
try {
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicJaccProvider.java Mon Mar 24 14:48:10 2008
@@ -46,13 +46,17 @@
BasicPolicyConfiguration configuration = (BasicPolicyConfiguration) configurations.get(contextID);
if (configuration == null) {
- configuration = new BasicPolicyConfiguration(contextID);
+ configuration = createPolicyConfiguration(contextID);
configurations.put(contextID, configuration);
} else {
configuration.open(remove);
}
return configuration;
+ }
+
+ protected BasicPolicyConfiguration createPolicyConfiguration(String contextID) {
+ return new BasicPolicyConfiguration(contextID);
}
public boolean inService(String contextID) throws PolicyContextException {
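Review bot: The new `createPolicyConfiguration` hook has no Javadoc, and the caller above stores and returns whatever it yields without a check. A short Javadoc stating that overrides must return a non-null configuration bound to the given `contextID` would document the contract, since a `null` here would be put into `configurations` and handed back to the caller. The calling method starts outside the hunk.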
Modified: openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-core/src/main/java/org/apache/openejb/core/security/jacc/BasicPolicyConfiguration.java Mon Mar 24 14:48:10 2008
@@ -41,11 +41,11 @@
private final String contextID;
private int state;
- private final Map<String, Permissions> rolePermissionsMap = new LinkedHashMap<String, Permissions>();
- private Permissions unchecked = null;
- private Permissions excluded = null;
+ protected final Map<String, Permissions> rolePermissionsMap = new LinkedHashMap<String, Permissions>();
+ protected Permissions unchecked = null;
+ protected Permissions excluded = null;
- BasicPolicyConfiguration(String contextID) {
+ protected BasicPolicyConfiguration(String contextID) {
this.contextID = contextID;
this.state = OPEN;
}
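Review bot: Widening `rolePermissionsMap`, `unchecked` and `excluded` from `private` to `protected` lets any subclass read and rewrite the policy's permission sets directly, bypassing whatever state checks the class's own mutators apply (those are outside the hunk; only `state = OPEN` in the constructor is visible). If subclasses only need to read them, keep the fields `private` and add `protected` accessors, for example `protected Permissions getExcluded() { return excluded; }`. If direct write access is intended, a comment on the fields should say that subclasses are responsible for honouring the configuration's state before changing them.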
Modified: openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/ContainerTransaction.java Mon Mar 24 14:48:10 2008
@@ -67,10 +67,10 @@
public ContainerTransaction() {
}
-
public ContainerTransaction(TransAttribute transAttribute, String className, String ejbName, String methodName) {
this(transAttribute, new Method(ejbName, className, methodName));
}
+
public ContainerTransaction(TransAttribute transAttribute, String ejbName, java.lang.reflect.Method method) {
this(transAttribute, new Method(ejbName, method));
}
Modified: openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java
URL: http://svn.apache.org/viewvc/openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java?rev=640595&r1=640594&r2=640595&view=diff
==============================================================================
--- openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java (original)
+++ openejb/branches/openejb-3.0/container/openejb-jee/src/main/java/org/apache/openejb/jee/MethodPermission.java Mon Mar 24 14:48:10 2008
@@ -67,6 +67,30 @@
@XmlTransient
protected TextMap description = new TextMap();
+ public MethodPermission() {
+ }
+
+ public MethodPermission(String className, String ejbName, String methodName, String... roles) {
+ this(new Method(ejbName, className, methodName), roles);
+ }
+
+ public MethodPermission(String ejbName, java.lang.reflect.Method method, String... roles) {
+ this(new Method(ejbName, method), roles);
+ }
+
+ public MethodPermission(Method method, String... roles) {
+ getMethod().add(method);
+ for (String role : roles) {
+ getRoleName().add(role);
+ }
+ }
+
+ public MethodPermission setUnchecked() {
+ this.unchecked = new EmptyType();
+ return this;
+ }
+
+
@XmlElement(name = "description", required = true)
public Text[] getDescriptions() {
return description.toArray();
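Review bot: `MethodPermission(String className, String ejbName, String methodName, String... roles)` takes `className` first while the `Method` it builds takes `ejbName` first, and with every parameter a `String` plus varargs, a call with the arguments in the wrong order, or with a role passed where `methodName` is expected, compiles without complaint and yields a permission for a different method. `setUnchecked()` also leaves any role names already added in place, so the object can carry both roles and the unchecked marker; how that pair is interpreted is decided outside this hunk. Javadoc on each constructor naming the argument order, and on `setUnchecked()` stating that unchecked means no role check is applied, would reduce the chance of a misdeclared permission. A `null` `roles` array reaches the `for` loop unchecked.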